Given the continuous rise in active exploitation of the now-known CitrixBleed flaw, governments issued new alerts to patch unpatched Netscaler systems. The recent alerts originate from the Government of Australia and the United States, alongside a separate warning from the vendor, Citrix.
CitrixBleed Flaw Exploitations On The Rise – Warn Govt Alerts
Though it has been a while since the CitrixBleed vulnerability made it to the news, many vulnerable systems remain unpatched. This fact is evident from the rising exploitation attempts in the wild.
Given this scenario, new alerts have been issued by the governments of the United States and Australia, urging users to patch their systems for the CitrixBleed flaw as soon as possible.
According to the joint advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), they have detected active exploitation of the CitrixBleed vulnerability in the wild, where the most notable instances trace back to the notorious LockBit ransomware group.
As stated, LockBit 3.0 ransomware recently targeted the aviation giant Boeing, confirming the incident by leaking stolen files. Initially, it remained unclear how exactly the LockBit ransomware compromised Boeing’s network. However, it eventually turned out that the threat actors exploited the CitrixBleed vulnerability to conduct the attack.
About CitrixBleed Vulnerability
CitrixBleed, CVE-2023-4966, is a severe security vulnerability (CVSS 9.4) in the Citrix NetScaler ADC and NetScaler Gateway. Exploiting this vulnerability allows unauthorized data disclosure, as Citrix explained in its blog post, elaborating on the flaw.
Amidst its disclosure, the vulnerability caught the attention of criminal hackers, leading to active exploitation attempts. Citrix also confirmed detecting targeting attacks involving this exploit, and the US CISA also included it in its Known Exploited Vulnerabilities Catalog.
Soon, Citrix patched the vulnerability with the subsequent releases of NetScaler ADC and NetScaler Gateway, urging users to update immediately.
However, despite numerous media reports and prompt patching, many organizations, such as Boeing, still failed to patch their systems, falling prey to the threat actors.
Therefore, once again, the joint advisory from the US and Australian governments and Citrix’s alert serves as a stark reminder for all users to patch their systems to prevent potential threats.
Let us know your thoughts in the comments.